Diffstat (limited to 'src')
12 files changed, 628 insertions, 37 deletions
diff --git a/src/DotNetOpenAuth/Configuration/HostNameElement.cs b/src/DotNetOpenAuth/Configuration/HostNameElement.cs
new file mode 100644
index 0000000..1b8cf04
--- /dev/null
+++ b/src/DotNetOpenAuth/Configuration/HostNameElement.cs
@@ -0,0 +1,29 @@
+//-----------------------------------------------------------------------
+// <copyright file="HostNameElement.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Configuration {
+ using System.Configuration;
+
+ /// <summary>
+ /// Represents the name of a single host or a regex pattern for host names.
+ /// </summary>
+ internal class HostNameElement : ConfigurationElement {
+ /// <summary>
+ /// Gets the name of the @name attribute.
+ /// </summary>
+ private const string NameConfigName = "name";
+
+ /// <summary>
+ /// Gets or sets the name of the host on the white or black list.
+ /// </summary>
+ [ConfigurationProperty(NameConfigName, IsRequired = true)]
+ ////[StringValidator(MinLength = 1)]
+ public string Name {
+ get { return (string)this[NameConfigName]; }
+ set { this[NameConfigName] = value; }
+ }
+ }
+}
diff --git a/src/DotNetOpenAuth/Configuration/HostNameOrRegexCollection.cs b/src/DotNetOpenAuth/Configuration/HostNameOrRegexCollection.cs
new file mode 100644
index 0000000..0fa2fb4
--- /dev/null
+++ b/src/DotNetOpenAuth/Configuration/HostNameOrRegexCollection.cs
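Review bot: `Name` is marked `IsRequired = true` but the `[StringValidator(MinLength = 1)]` beneath it is commented out, so an `<add name="" />` entry is accepted; that empty string becomes an empty element key in `HostNameOrRegexCollection` and, on the regex lists, an empty pattern that matches every host. If the validator was disabled because the property's implicit `""` default trips it, giving the property a non-empty `DefaultValue` or rejecting empty names in the collection's `GetElementKey` avoids that; otherwise re-enable `[StringValidator(MinLength = 1)]`. Either way a comment on the `////` line recording why it is disabled, e.g. `// StringValidator disabled: <reason>`, would stop the next reader from guessing.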
@@ -0,0 +1,65 @@
+//-----------------------------------------------------------------------
+// <copyright file="HostNameOrRegexCollection.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Configuration {
+ using System.Collections.Generic;
+ using System.Configuration;
+ using System.Text.RegularExpressions;
+
+ /// <summary>
+ /// Represents a collection of child elements that describe host names either as literal host names or regex patterns.
+ /// </summary>
+ internal class HostNameOrRegexCollection : ConfigurationElementCollection {
+ /// <summary>
+ /// Initializes a new instance of the <see cref="HostNameOrRegexCollection"/> class.
+ /// </summary>
+ public HostNameOrRegexCollection() {
+ }
+
+ /// <summary>
+ /// Gets all the members of the collection assuming they are all literal host names.
+ /// </summary>
+ internal IEnumerable<string> KeysAsStrings {
+ get {
+ foreach (HostNameElement element in this) {
+ yield return element.Name;
+ }
+ }
+ }
+
+ /// <summary>
+ /// Gets all the members of the collection assuming they are all host names regex patterns.
+ /// </summary>
+ internal IEnumerable<Regex> KeysAsRegexs {
+ get {
+ foreach (HostNameElement element in this) {
+ yield return new Regex(element.Name);
+ }
+ }
+ }
+
+ /// <summary>
+ /// Creates a new child host name element.
+ /// </summary>
+ /// <returns>
+ /// A new <see cref="T:System.Configuration.ConfigurationElement"/>.
+ /// </returns>
+ protected override ConfigurationElement CreateNewElement() {
+ return new HostNameElement();
+ }
+
+ /// <summary>
+ /// Gets the element key for a specified configuration element.
+ /// </summary>
+ /// <param name="element">The <see cref="T:System.Configuration.ConfigurationElement"/> to return the key for.</param>
+ /// <returns>
+ /// An <see cref="T:System.Object"/> that acts as the key for the specified <see cref="T:System.Configuration.ConfigurationElement"/>.
+ /// </returns>
+ protected override object GetElementKey(ConfigurationElement element) {
+ return ((HostNameElement)element).Name;
+ }
+ }
+}
diff --git a/src/DotNetOpenAuth/Configuration/ProviderSection.cs b/src/DotNetOpenAuth/Configuration/ProviderSection.cs
new file mode 100644
index 0000000..95b3de7
--- /dev/null
+++ b/src/DotNetOpenAuth/Configuration/ProviderSection.cs
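Review bot: `KeysAsRegexs` builds each pattern with `new Regex(element.Name)` and no options, so patterns are matched case-sensitively and unanchored unless the config author anchors them; DNS names are case-insensitive, so a blacklist pattern can be missed by a host that differs only in case unless the caller normalises the host first (the matching code is outside this hunk). Passing `RegexOptions.IgnoreCase` here and stating in the `<summary>` that patterns are applied unanchored would make the contract explicit. A malformed pattern also surfaces only as an `ArgumentException` when the property is enumerated rather than when the config is loaded; catching it and rethrowing as `ConfigurationErrorsException` would point the operator at the offending `<add>` element. The `Regex` objects are rebuilt on every enumeration of the property, which is worth noting in its doc since callers may assume it is cheap.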
@@ -0,0 +1,56 @@
+//-----------------------------------------------------------------------
+// <copyright file="ProviderSection.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Configuration {
+ using System.Configuration;
+ using IProviderAssociationStore = DotNetOpenAuth.OpenId.IAssociationStore<DotNetOpenAuth.OpenId.AssociationRelyingPartyType>;
+
+ /// <summary>
+ /// The section in the .config file that allows customization of OpenID Provider behaviors.
+ /// </summary>
+ internal class ProviderSection : ConfigurationSection {
+ /// <summary>
+ /// The name of the security sub-element.
+ /// </summary>
+ private const string SecuritySettingsConfigName = "security";
+
+ /// <summary>
+ /// The name of the custom store sub-element.
+ /// </summary>
+ private const string StoreConfigName = "store";
+
+ /// <summary>
+ /// Initializes a new instance of the <see cref="ProviderSection"/> class.
+ /// </summary>
+ public ProviderSection() {
+ }
+
+ /// <summary>
+ /// Gets or sets the security settings.
+ /// </summary>
+ [ConfigurationProperty(SecuritySettingsConfigName)]
+ public ProviderSecuritySettingsElement SecuritySettings {
+ get { return (ProviderSecuritySettingsElement)this[SecuritySettingsConfigName] ?? new ProviderSecuritySettingsElement(); }
+ set { this[SecuritySettingsConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the association store type.
+ /// </summary>
+ [ConfigurationProperty(StoreConfigName)]
+ public TypeConfigurationElement<IProviderAssociationStore> AssociationStore {
+ get { return (TypeConfigurationElement<IProviderAssociationStore>)this[StoreConfigName] ?? new TypeConfigurationElement<IProviderAssociationStore>(); }
+ set { this[StoreConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets the configuration element from the .config file.
+ /// </summary>
+ internal static ProviderSection Configuration {
+ get { return (ProviderSection)ConfigurationManager.GetSection("dotNetOpenAuth/openid/provider") ?? new ProviderSection(); }
+ }
+ }
+}
diff --git a/src/DotNetOpenAuth/Configuration/ProviderSecuritySettingsElement.cs b/src/DotNetOpenAuth/Configuration/ProviderSecuritySettingsElement.cs
new file mode 100644
index 0000000..eb6c486
--- /dev/null
+++ b/src/DotNetOpenAuth/Configuration/ProviderSecuritySettingsElement.cs
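Review bot: `ProviderSection`'s constructor does not set `SectionInformation.AllowLocation = false` the way `UntrustedWebRequestSection` in this same commit does, so the provider's security settings and association store type can be overridden from a `<location>` element in a web.config; `RelyingPartySection` has the same gap. If that is unintended, add `SectionInformation.AllowLocation = false;` to both constructors so all three security-bearing sections behave alike. The `Configuration` getter silently substitutes a default `ProviderSection` when the section is absent and re-runs `ConfigurationManager.GetSection` on every access; its `<summary>` should say both, e.g. `Gets the configuration element from the .config file, or a default instance when the section is not declared; the lookup is not cached.`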
@@ -0,0 +1,77 @@
+//-----------------------------------------------------------------------
+// <copyright file="ProviderSecuritySettingsElement.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Configuration {
+ using System.Configuration;
+ using DotNetOpenAuth.OpenId;
+ using DotNetOpenAuth.OpenId.Provider;
+
+ /// <summary>
+ /// Represents the .config file element that allows for setting the security policies of the Provider.
+ /// </summary>
+ internal class ProviderSecuritySettingsElement : ConfigurationElement {
+ /// <summary>
+ /// Gets the name of the @protectDownlevelReplayAttacks attribute.
+ /// </summary>
+ private const string ProtectDownlevelReplayAttacksConfigName = "protectDownlevelReplayAttacks";
+
+ /// <summary>
+ /// Gets the name of the @minimumHashBitLength attribute.
+ /// </summary>
+ private const string MinimumHashBitLengthConfigName = "minimumHashBitLength";
+
+ /// <summary>
+ /// Gets the name of the @maximumHashBitLength attribute.
+ /// </summary>
+ private const string MaximumHashBitLengthConfigName = "maximumHashBitLength";
+
+ /// <summary>
+ /// Initializes a new instance of the <see cref="ProviderSecuritySettingsElement"/> class.
+ /// </summary>
+ public ProviderSecuritySettingsElement() {
+ }
+
+ /// <summary>
+ /// Gets or sets the minimum length of the hash that protects the protocol from hijackers.
+ /// </summary>
+ [ConfigurationProperty(MinimumHashBitLengthConfigName, DefaultValue = SecuritySettings.MinimumHashBitLengthDefault)]
+ public int MinimumHashBitLength {
+ get { return (int)this[MinimumHashBitLengthConfigName]; }
+ set { this[MinimumHashBitLengthConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the maximum length of the hash that protects the protocol from hijackers.
+ /// </summary>
+ [ConfigurationProperty(MaximumHashBitLengthConfigName, DefaultValue = SecuritySettings.MaximumHashBitLengthRPDefault)]
+ public int MaximumHashBitLength {
+ get { return (int)this[MaximumHashBitLengthConfigName]; }
+ set { this[MaximumHashBitLengthConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets a value indicating whether the Provider should take special care to protect OpenID 1.x relying parties
+ /// against replay attacks.
+ /// </summary>
+ [ConfigurationProperty(ProtectDownlevelReplayAttacksConfigName, DefaultValue = false)]
+ public bool ProtectDownlevelReplayAttacks {
+ get { return (bool)this[ProtectDownlevelReplayAttacksConfigName]; }
+ set { this[ProtectDownlevelReplayAttacksConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Initializes a programmatically manipulatable bag of these security settings with the settings from the config file.
+ /// </summary>
+ /// <returns>The newly created security settings object.</returns>
+ public ProviderSecuritySettings CreateSecuritySettings() {
+ ProviderSecuritySettings settings = new ProviderSecuritySettings();
+ settings.MinimumHashBitLength = this.MinimumHashBitLength;
+ settings.MaximumHashBitLength = this.MaximumHashBitLength;
+ settings.ProtectDownlevelReplayAttacks = this.ProtectDownlevelReplayAttacks;
+ return settings;
+ }
+ }
+}
diff --git a/src/DotNetOpenAuth/Configuration/RelyingPartySection.cs b/src/DotNetOpenAuth/Configuration/RelyingPartySection.cs
new file mode 100644
index 0000000..d30fb08
--- /dev/null
+++ b/src/DotNetOpenAuth/Configuration/RelyingPartySection.cs
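Review bot: `MaximumHashBitLength` on this Provider element defaults to `SecuritySettings.MaximumHashBitLengthRPDefault` (256), although `SecuritySettings` in this same commit defines a separate `MaximumHashBitLengthOPDefault` (512) documented as the default for providers; unless the lower cap is intended, the attribute should read `DefaultValue = SecuritySettings.MaximumHashBitLengthOPDefault`. Neither hash-length property carries an `IntegerValidator`, and `CreateSecuritySettings` copies them unchecked, so a config with `minimumHashBitLength` larger than `maximumHashBitLength`, or zero, is accepted at startup and only fails later, if at all. A guard before the assignments, `if (this.MinimumHashBitLength > this.MaximumHashBitLength) throw new ConfigurationErrorsException("minimumHashBitLength must not exceed maximumHashBitLength.");`, plus `[IntegerValidator(MinValue = 1)]` on both properties, reports it where the operator can act on it; `RelyingPartySecuritySettingsElement.CreateSecuritySettings` has the same gap.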
@@ -0,0 +1,59 @@
+//-----------------------------------------------------------------------
+// <copyright file="RelyingPartySection.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Configuration {
+ using System;
+ using System.Configuration;
+ using DotNetOpenAuth.OpenId;
+ using DotNetOpenAuth.OpenId.RelyingParty;
+ using IRelyingPartyAssociationStore = DotNetOpenAuth.OpenId.IAssociationStore<System.Uri>;
+
+ /// <summary>
+ /// The section in the .config file that allows customization of OpenID Relying Party behaviors.
+ /// </summary>
+ internal class RelyingPartySection : ConfigurationSection {
+ /// <summary>
+ /// The name of the custom store sub-element.
+ /// </summary>
+ private const string StoreConfigName = "store";
+
+ /// <summary>
+ /// Gets the name of the security sub-element.
+ /// </summary>
+ private const string SecuritySettingsConfigName = "security";
+
+ /// <summary>
+ /// Initializes a new instance of the <see cref="RelyingPartySection"/> class.
+ /// </summary>
+ public RelyingPartySection() {
+ }
+
+ /// <summary>
+ /// Gets or sets the security settings.
+ /// </summary>
+ [ConfigurationProperty(SecuritySettingsConfigName)]
+ public RelyingPartySecuritySettingsElement SecuritySettings {
+ get { return (RelyingPartySecuritySettingsElement)this[SecuritySettingsConfigName] ?? new RelyingPartySecuritySettingsElement(); }
+ set { this[SecuritySettingsConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the association store type.
+ /// </summary>
+ [ConfigurationProperty(StoreConfigName)]
+ public TypeConfigurationElement<IRelyingPartyAssociationStore> AssociationStore {
+ get { return (TypeConfigurationElement<IRelyingPartyAssociationStore>)this[StoreConfigName] ?? new TypeConfigurationElement<IRelyingPartyAssociationStore>(); }
+ set { this[StoreConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets the configuration element from the .config file.
+ /// </summary>
+ internal static RelyingPartySection Configuration {
+ get { return (RelyingPartySection)ConfigurationManager.GetSection("dotNetOpenAuth/openid/relyingParty") ?? new RelyingPartySection(); }
+ }
+ }
+}
diff --git a/src/DotNetOpenAuth/Configuration/RelyingPartySecuritySettingsElement.cs b/src/DotNetOpenAuth/Configuration/RelyingPartySecuritySettingsElement.cs
new file mode 100644
index 0000000..e5cc747
--- /dev/null
+++ b/src/DotNetOpenAuth/Configuration/RelyingPartySecuritySettingsElement.cs
@@ -0,0 +1,95 @@
+//-----------------------------------------------------------------------
+// <copyright file="RelyingPartySecuritySettingsElement.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Configuration {
+ using System.Configuration;
+ using DotNetOpenAuth.OpenId;
+ using DotNetOpenAuth.OpenId.RelyingParty;
+
+ /// <summary>
+ /// Represents the .config file element that allows for setting the security policies of the Relying Party.
+ /// </summary>
+ internal class RelyingPartySecuritySettingsElement : ConfigurationElement {
+ /// <summary>
+ /// Gets the name of the @minimumRequiredOpenIdVersion attribute.
+ /// </summary>
+ private const string MinimumRequiredOpenIdVersionConfigName = "minimumRequiredOpenIdVersion";
+
+ /// <summary>
+ /// Gets the name of the @minimumHashBitLength attribute.
+ /// </summary>
+ private const string MinimumHashBitLengthConfigName = "minimumHashBitLength";
+
+ /// <summary>
+ /// Gets the name of the @maximumHashBitLength attribute.
+ /// </summary>
+ private const string MaximumHashBitLengthConfigName = "maximumHashBitLength";
+
+ /// <summary>
+ /// Gets the name of the @requireSsl attribute.
+ /// </summary>
+ private const string RequireSslConfigName = "requireSsl";
+
+ /// <summary>
+ /// Initializes a new instance of the <see cref="RelyingPartySecuritySettingsElement"/> class.
+ /// </summary>
+ public RelyingPartySecuritySettingsElement() {
+ }
+
+ /// <summary>
+ /// Gets or sets a value indicating whether all discovery and authentication should require SSL security.
+ /// </summary>
+ [ConfigurationProperty(RequireSslConfigName, DefaultValue = false)]
+ public bool RequireSsl {
+ get { return (bool)this[RequireSslConfigName]; }
+ set { this[RequireSslConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the minimum OpenID version a Provider is required to support in order for this library to interoperate with it.
+ /// </summary>
+ /// <remarks>
+ /// Although the earliest versions of OpenID are supported, for security reasons it may be desirable to require the
+ /// remote party to support a later version of OpenID.
+ /// </remarks>
+ [ConfigurationProperty(MinimumRequiredOpenIdVersionConfigName, DefaultValue = "V10")]
+ public ProtocolVersion MinimumRequiredOpenIdVersion {
+ get { return (ProtocolVersion)this[MinimumRequiredOpenIdVersionConfigName]; }
+ set { this[MinimumRequiredOpenIdVersionConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the minimum length of the hash that protects the protocol from hijackers.
+ /// </summary>
+ [ConfigurationProperty(MinimumHashBitLengthConfigName, DefaultValue = SecuritySettings.MinimumHashBitLengthDefault)]
+ public int MinimumHashBitLength {
+ get { return (int)this[MinimumHashBitLengthConfigName]; }
+ set { this[MinimumHashBitLengthConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the maximum length of the hash that protects the protocol from hijackers.
+ /// </summary>
+ [ConfigurationProperty(MaximumHashBitLengthConfigName, DefaultValue = SecuritySettings.MaximumHashBitLengthRPDefault)]
+ public int MaximumHashBitLength {
+ get { return (int)this[MaximumHashBitLengthConfigName]; }
+ set { this[MaximumHashBitLengthConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Initializes a programmatically manipulatable bag of these security settings with the settings from the config file.
+ /// </summary>
+ /// <returns>The newly created security settings object.</returns>
+ public RelyingPartySecuritySettings CreateSecuritySettings() {
+ RelyingPartySecuritySettings settings = new RelyingPartySecuritySettings();
+ settings.RequireSsl = this.RequireSsl;
+ settings.MinimumRequiredOpenIdVersion = this.MinimumRequiredOpenIdVersion;
+ settings.MinimumHashBitLength = this.MinimumHashBitLength;
+ settings.MaximumHashBitLength = this.MaximumHashBitLength;
+ return settings;
+ }
+ }
+}
diff --git a/src/DotNetOpenAuth/Configuration/TypeConfigurationElement.cs b/src/DotNetOpenAuth/Configuration/TypeConfigurationElement.cs
new file mode 100644
index 0000000..a315060
--- /dev/null
+++ b/src/DotNetOpenAuth/Configuration/TypeConfigurationElement.cs
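Review bot: `MinimumRequiredOpenIdVersion` spells its default as the string literal `"V10"`, which is only resolved against the `ProtocolVersion` enum when the config is parsed at runtime; a rename of that enum member would then break every deployment's config load instead of the build. Assuming `ProtocolVersion.V10` is the member the string names, `DefaultValue = ProtocolVersion.V10` is a valid attribute argument and fails at compile time instead. The `RequireSsl` summary should also state that the default is off and that an operator must opt in, since the property name alone suggests SSL is enforced, e.g. `Gets or sets a value indicating whether all discovery and authentication should require SSL security. Defaults to false; set requireSsl="true" to enforce it.`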
@@ -0,0 +1,55 @@
+//-----------------------------------------------------------------------
+// <copyright file="TypeConfigurationElement.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Configuration {
+ using System;
+ using System.Configuration;
+
+ /// <summary>
+ /// Represents an element in a .config file that allows the user to provide a @type attribute specifying
+ /// the full type that provides some service used by this library.
+ /// </summary>
+ /// <typeparam name="T">A constraint on the type the user may provide.</typeparam>
+ internal class TypeConfigurationElement<T> : ConfigurationElement {
+ /// <summary>
+ /// The name of the attribute whose value is the full name of the type the user is specifying.
+ /// </summary>
+ private const string CustomTypeConfigName = "type";
+
+ /// <summary>
+ /// Initializes a new instance of the TypeConfigurationElement class.
+ /// </summary>
+ public TypeConfigurationElement() {
+ }
+
+ /// <summary>
+ /// Gets or sets the full name of the type.
+ /// </summary>
+ /// <value>The full name of the type, such as: "ConsumerPortal.Code.CustomStore, ConsumerPortal".</value>
+ [ConfigurationProperty(CustomTypeConfigName)]
+ ////[SubclassTypeValidator(typeof(T))] // this attribute is broken in .NET, I think.
+ public string TypeName {
+ get { return (string)this[CustomTypeConfigName]; }
+ set { this[CustomTypeConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets the type described in the .config file.
+ /// </summary>
+ public Type CustomType {
+ get { return string.IsNullOrEmpty(this.TypeName) ? null : Type.GetType(this.TypeName); }
+ }
+
+ /// <summary>
+ /// Creates an instance of the type described in the .config file.
+ /// </summary>
+ /// <param name="defaultValue">The value to return if no type is given in the .config file.</param>
+ /// <returns>The newly instantiated type.</returns>
+ public T CreateInstance(T defaultValue) {
+ return this.CustomType != null ? (T)Activator.CreateInstance(this.CustomType) : defaultValue;
+ }
+ }
+}
diff --git a/src/DotNetOpenAuth/Configuration/UntrustedWebRequestSection.cs b/src/DotNetOpenAuth/Configuration/UntrustedWebRequestSection.cs
new file mode 100644
index 0000000..06a670f
--- /dev/null
+++ b/src/DotNetOpenAuth/Configuration/UntrustedWebRequestSection.cs
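Review bot: `CreateInstance` casts to `T` only after `Activator.CreateInstance` has already run the constructor of whatever type the `type` attribute names, and the `SubclassTypeValidator` that would have checked assignability is commented out, so a config entry naming an unrelated type is instantiated first and rejected by `InvalidCastException` afterwards. Checking up front, `if (!typeof(T).IsAssignableFrom(customType)) throw new ConfigurationErrorsException("The type named by the 'type' attribute does not implement the expected contract.");`, turns that into a configuration error and never constructs the wrong type. `CustomType` also returns null for a misspelled type name because `Type.GetType(string)` does not throw, and this method then silently falls back to `defaultValue`; `Type.GetType(this.TypeName, true)` would surface the typo instead of masking it. The doc on `CustomType` should say which of these behaviours is intended.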
@@ -0,0 +1,154 @@
+//-----------------------------------------------------------------------
+// <copyright file="UntrustedWebRequestSection.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Configuration {
+ using System;
+ using System.Configuration;
+
+ /// <summary>
+ /// Represents the section of a .config file where security policies regarding web requests
+ /// to user-provided, untrusted servers is controlled.
+ /// </summary>
+ internal class UntrustedWebRequestSection : ConfigurationSection {
+ #region Attribute names
+
+ /// <summary>
+ /// Gets the name of the @timeout attribute.
+ /// </summary>
+ private const string TimeoutConfigName = "timeout";
+
+ /// <summary>
+ /// Gets the name of the @readWriteTimeout attribute.
+ /// </summary>
+ private const string ReadWriteTimeoutConfigName = "readWriteTimeout";
+
+ /// <summary>
+ /// Gets the name of the @maximumBytesToRead attribute.
+ /// </summary>
+ private const string MaximumBytesToReadConfigName = "maximumBytesToRead";
+
+ /// <summary>
+ /// Gets the name of the @maximumRedirections attribute.
+ /// </summary>
+ private const string MaximumRedirectionsConfigName = "maximumRedirections";
+
+ /// <summary>
+ /// Gets the name of the @whitelistHosts attribute.
+ /// </summary>
+ private const string WhitelistHostsConfigName = "whitelistHosts";
+
+ /// <summary>
+ /// Gets the name of the @whitelistHostsRegex attribute.
+ /// </summary>
+ private const string WhitelistHostsRegexConfigName = "whitelistHostsRegex";
+
+ /// <summary>
+ /// Gets the name of the @blacklistHosts attribute.
+ /// </summary>
+ private const string BlacklistHostsConfigName = "blacklistHosts";
+
+ /// <summary>
+ /// Gets the name of the @blacklistHostsRegex attribute.
+ /// </summary>
+ private const string BlacklistHostsRegexConfigName = "blacklistHostsRegex";
+
+ #endregion
+
+ /// <summary>
+ /// Initializes a new instance of the <see cref="UntrustedWebRequestSection"/> class.
+ /// </summary>
+ public UntrustedWebRequestSection() {
+ SectionInformation.AllowLocation = false;
+ }
+
+ /// <summary>
+ /// Gets or sets the read/write timeout after which an HTTP request will fail.
+ /// </summary>
+ [ConfigurationProperty(ReadWriteTimeoutConfigName, DefaultValue = "00:00:00.800")]
+ [PositiveTimeSpanValidator]
+ public TimeSpan ReadWriteTimeout {
+ get { return (TimeSpan)this[ReadWriteTimeoutConfigName]; }
+ set { this[ReadWriteTimeoutConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the timeout after which an HTTP request will fail.
+ /// </summary>
+ [ConfigurationProperty(TimeoutConfigName, DefaultValue = "00:00:10")]
+ [PositiveTimeSpanValidator]
+ public TimeSpan Timeout {
+ get { return (TimeSpan)this[TimeoutConfigName]; }
+ set { this[TimeoutConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the maximum bytes to read from an untrusted web server.
+ /// </summary>
+ [ConfigurationProperty(MaximumBytesToReadConfigName, DefaultValue = 1024 * 1024)]
+ [IntegerValidator(MinValue = 2048)]
+ public int MaximumBytesToRead {
+ get { return (int)this[MaximumBytesToReadConfigName]; }
+ set { this[MaximumBytesToReadConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the maximum redirections that will be followed before an HTTP request fails.
+ /// </summary>
+ [ConfigurationProperty(MaximumRedirectionsConfigName, DefaultValue = 10)]
+ [IntegerValidator(MinValue = 0)]
+ public int MaximumRedirections {
+ get { return (int)this[MaximumRedirectionsConfigName]; }
+ set { this[MaximumRedirectionsConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the collection of hosts on the whitelist.
+ /// </summary>
+ [ConfigurationProperty(WhitelistHostsConfigName, IsDefaultCollection = false)]
+ [ConfigurationCollection(typeof(HostNameOrRegexCollection))]
+ public HostNameOrRegexCollection WhitelistHosts {
+ get { return (HostNameOrRegexCollection)this[WhitelistHostsConfigName] ?? new HostNameOrRegexCollection(); }
+ set { this[WhitelistHostsConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the collection of hosts on the blacklist.
+ /// </summary>
+ [ConfigurationProperty(BlacklistHostsConfigName, IsDefaultCollection = false)]
+ [ConfigurationCollection(typeof(HostNameOrRegexCollection))]
+ public HostNameOrRegexCollection BlacklistHosts {
+ get { return (HostNameOrRegexCollection)this[BlacklistHostsConfigName] ?? new HostNameOrRegexCollection(); }
+ set { this[BlacklistHostsConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the collection of regular expressions that describe hosts on the whitelist.
+ /// </summary>
+ [ConfigurationProperty(WhitelistHostsRegexConfigName, IsDefaultCollection = false)]
+ [ConfigurationCollection(typeof(HostNameOrRegexCollection))]
+ public HostNameOrRegexCollection WhitelistHostsRegex {
+ get { return (HostNameOrRegexCollection)this[WhitelistHostsRegexConfigName] ?? new HostNameOrRegexCollection(); }
+ set { this[WhitelistHostsRegexConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the collection of regular expressions that describe hosts on the blacklist.
+ /// </summary>
+ [ConfigurationProperty(BlacklistHostsRegexConfigName, IsDefaultCollection = false)]
+ [ConfigurationCollection(typeof(HostNameOrRegexCollection))]
+ public HostNameOrRegexCollection BlacklistHostsRegex {
+ get { return (HostNameOrRegexCollection)this[BlacklistHostsRegexConfigName] ?? new HostNameOrRegexCollection(); }
+ set { this[BlacklistHostsRegexConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets the configuration element from the .config file.
+ /// </summary>
+ internal static UntrustedWebRequestSection Configuration {
+ get { return (UntrustedWebRequestSection)ConfigurationManager.GetSection("dotNetOpenAuth/messaging/untrustedWebRequest") ?? new UntrustedWebRequestSection(); }
+ }
+ }
+}
diff --git a/src/DotNetOpenAuth/DotNetOpenAuth.csproj b/src/DotNetOpenAuth/DotNetOpenAuth.csproj
index 432dad6..8c26a46 100644
--- a/src/DotNetOpenAuth/DotNetOpenAuth.csproj
+++ b/src/DotNetOpenAuth/DotNetOpenAuth.csproj
@@ -49,6 +49,7 @@
 <HintPath>..\..\lib\log4net.dll</HintPath>
 </Reference>
 <Reference Include="System" />
+ <Reference Include="System.configuration" />
 <Reference Include="System.Core">
 <RequiredTargetFramework>3.5</RequiredTargetFramework>
 </Reference>
@@ -63,6 +64,14 @@
 </Reference>
 </ItemGroup>
 <ItemGroup>
+ <Compile Include="Configuration\ProviderSection.cs" />
+ <Compile Include="Configuration\ProviderSecuritySettingsElement.cs" />
+ <Compile Include="Configuration\RelyingPartySection.cs" />
+ <Compile Include="Configuration\RelyingPartySecuritySettingsElement.cs" />
+ <Compile Include="Configuration\TypeConfigurationElement.cs" />
+ <Compile Include="Configuration\UntrustedWebRequestSection.cs" />
+ <Compile Include="Configuration\HostNameOrRegexCollection.cs" />
+ <Compile Include="Configuration\HostNameElement.cs" />
 <Compile Include="Messaging\EmptyDictionary.cs" />
 <Compile Include="Messaging\EmptyEnumerator.cs" />
 <Compile Include="Messaging\EmptyList.cs" />
diff --git a/src/DotNetOpenAuth/OpenId/Provider/ProviderSecuritySettings.cs b/src/DotNetOpenAuth/OpenId/Provider/ProviderSecuritySettings.cs
index 16f23f9..3ae299e 100644
--- a/src/DotNetOpenAuth/OpenId/Provider/ProviderSecuritySettings.cs
+++ b/src/DotNetOpenAuth/OpenId/Provider/ProviderSecuritySettings.cs
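Review bot: The class `<summary>` of `UntrustedWebRequestSection` describes a whitelist and a blacklist but not how they combine — whether a host that matches both is allowed, whether a non-empty `WhitelistHosts` makes every other host fail, or whether host comparison is case-insensitive; the enforcement lives outside this hunk, but this section is the operator-facing contract, so a `<remarks>` block stating the precedence would prevent misconfiguration. `ReadWriteTimeout` defaults to 800 ms while `Timeout` defaults to 10 s, and their summaries read as overlapping; each should say which phase of the request it bounds, e.g. `Gets or sets the timeout for each individual read or write on the connection, as opposed to Timeout, which bounds the whole request.` The 800 ms default is also tight enough that a slow but legitimate server will fail discovery, which is worth calling out in the doc so operators know which attribute to raise.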
@@ -16,21 +16,21 @@ namespace DotNetOpenAuth.OpenId.Provider {
 : base(true) {
 }
 
- // This property is a placeholder for a feature that has not been written yet.
- ///// <summary>
- ///// Gets or sets whether OpenID 1.x relying parties that may not be
- ///// protecting their users from replay attacks are protected from
- ///// replay attacks by this provider.
- ///// </summary>
- ///// <remarks>
- ///// <para>Nonces for protection against replay attacks were not mandated
- ///// by OpenID 1.x, which leaves users open to replay attacks.</para>
- ///// <para>This feature works by preventing associations from being formed
- ///// with OpenID 1.x relying parties, thereby forcing them into
- ///// "dumb" mode and verifying every claim with this provider.
- ///// This gives the provider an opportunity to verify its own nonce
- ///// to protect against replay attacks.</para>
- ///// </remarks>
- ////internal bool ProtectDownlevelReplayAttacks { get; set; }
+ /// <summary>
+ /// Gets or sets a value indicating whether OpenID 1.x relying parties that may not be
+ /// protecting their users from replay attacks are protected from
+ /// replay attacks by this provider.
+ /// *** This property is a placeholder for a feature that has not been written yet. ***
+ /// </summary>
+ /// <remarks>
+ /// <para>Nonces for protection against replay attacks were not mandated
+ /// by OpenID 1.x, which leaves users open to replay attacks.</para>
+ /// <para>This feature works by preventing associations from being formed
+ /// with OpenID 1.x relying parties, thereby forcing them into
+ /// "dumb" mode and verifying every claim with this provider.
+ /// This gives the provider an opportunity to verify its own nonce
+ /// to protect against replay attacks.</para>
+ /// </remarks>
+ internal bool ProtectDownlevelReplayAttacks { get; set; }
 }
 }
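Review bot: The `<summary>` still marks `ProtectDownlevelReplayAttacks` as a placeholder for a feature that has not been written, yet this same commit exposes it as the `protectDownlevelReplayAttacks` attribute through `ProviderSecuritySettingsElement`, so an operator who sets it to `true` gets no protection while the config file says otherwise. Until the feature exists the attribute should either not be surfaced, or the element's getter should reject `true` with a `ConfigurationErrorsException`; at minimum the element's own XML doc must repeat that the setting currently has no effect. The `*** ... ***` line also renders into the generated documentation; the usual place for this is a `<remarks>` paragraph or a `// TODO:` comment above the property, e.g. `// TODO: not yet enforced; see <remarks>.`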
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/RelyingPartySecuritySettings.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/RelyingPartySecuritySettings.cs
index c5b6088..7a3360b 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/RelyingPartySecuritySettings.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/RelyingPartySecuritySettings.cs
@@ -6,6 +6,7 @@
 
 namespace DotNetOpenAuth.OpenId.RelyingParty {
 using System;
+ using DotNetOpenAuth.Messaging;
 
 /// <summary>
 /// Security settings that are applicable to relying parties.
diff --git a/src/DotNetOpenAuth/OpenId/SecuritySettings.cs b/src/DotNetOpenAuth/OpenId/SecuritySettings.cs
index d3ff934..7f574ba 100644
--- a/src/DotNetOpenAuth/OpenId/SecuritySettings.cs
+++ b/src/DotNetOpenAuth/OpenId/SecuritySettings.cs
@@ -10,13 +10,19 @@ namespace DotNetOpenAuth.OpenId {
 /// </summary>
 public class SecuritySettings {
 /// <summary>
- /// Initializes static members of the <see cref="SecuritySettings"/> class.
+ /// Gets the default minimum hash bit length.
 /// </summary>
- static SecuritySettings() {
- MinimumHashBitLengthDefault = 160;
- MaximumHashBitLengthRPDefault = 256;
- MaximumHashBitLengthOPDefault = 512;
- }
+ internal const int MinimumHashBitLengthDefault = 160;
+
+ /// <summary>
+ /// Gets the maximum hash bit length default for relying parties.
+ /// </summary>
+ internal const int MaximumHashBitLengthRPDefault = 256;
+
+ /// <summary>
+ /// Gets the maximum hash bit length default for providers.
+ /// </summary>
+ internal const int MaximumHashBitLengthOPDefault = 512;
 
 /// <summary>
 /// Initializes a new instance of the <see cref="SecuritySettings"/> class.
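Review bot: Turning the three defaults into `internal const` makes them compile-time constants that are inlined at every use site; if any other assembly reaches them through `InternalsVisibleTo` (not visible in this diff), a later change to a default will not take effect there until that assembly is rebuilt, which matters for values that set a security floor. That is the price of using them as attribute `DefaultValue`s in the new configuration elements, which require constants, so it is worth one line per field noting the inlining. The `Gets the ...` wording carried over from the removed properties no longer fits a field; `/// The default minimum hash bit length.` (and likewise for the other two) reads correctly.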
@@ -55,21 +61,6 @@ namespace DotNetOpenAuth.OpenId {
 public int MaximumHashBitLength { get; set; }
 
 /// <summary>
- /// Gets the default minimum hash bit length.
- /// </summary>
- internal static int MinimumHashBitLengthDefault { get; private set; }
-
- /// <summary>
- /// Gets the maximum hash bit length default for relying parties.
- /// </summary>
- internal static int MaximumHashBitLengthRPDefault { get; private set; }
-
- /// <summary>
- /// Gets the maximum hash bit length default for providers.
- /// </summary>
- internal static int MaximumHashBitLengthOPDefault { get; private set; }
-
- /// <summary>
 /// Determines whether a named association fits the security requirements.
 /// </summary>
 /// <param name="protocol">The protocol carrying the association.</param> |